{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2018:32ENBIEIPI57RSYSKI6UUZ64NL","short_pith_number":"pith:32ENBIEI","schema_version":"1.0","canonical_sha256":"de88d0a0887a3bf8cb12523d4a67dc6add985ccc05a876ad3b9e4777574d2acc","source":{"kind":"arxiv","id":"1808.00659","version":1},"attestation_state":"computed","paper":{"title":"Chaff Bugs: Deterring Attackers by Making Software Buggier","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Brendan Dolan-Gavitt, Yu Hu, Zhenghao Hu","submitted_at":"2018-08-02T04:22:19Z","abstract_excerpt":"Sophisticated attackers find bugs in software, evaluate their exploitability, and then create and launch exploits for bugs found to be exploitable. Most efforts to secure software attempt either to eliminate bugs or to add mitigations that make exploitation more difficult. In this paper, we introduce a new defensive technique called chaff bugs, which instead target the bug discovery and exploit creation stages of this process. Rather than eliminating bugs, we instead add large numbers of bugs that are provably (but not obviously) non-exploitable. Attackers who attempt to find and exploit bugs "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1808.00659","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-08-02T04:22:19Z","cross_cats_sorted":[],"title_canon_sha256":"57fa67c509d3182e0d28cf05fc56b77241a836a5fc4553a4e5a572aebd3ffbfc","abstract_canon_sha256":"4bd5178dbfcc2fd4594c1f0a255305498f6961eba3fc4b6e795432db0503cb18"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:09:04.593018Z","signature_b64":"ULLPIuQjx5PeAlcypP7S1kd4VEDFEECuVuEZDkxfpGBGz6CmjwKiX2mBBkU0ngiWogePLdQQCn4m/YmcW6qNBA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"de88d0a0887a3bf8cb12523d4a67dc6add985ccc05a876ad3b9e4777574d2acc","last_reissued_at":"2026-05-18T00:09:04.592271Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:09:04.592271Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Chaff Bugs: Deterring Attackers by Making Software Buggier","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Brendan Dolan-Gavitt, Yu Hu, Zhenghao Hu","submitted_at":"2018-08-02T04:22:19Z","abstract_excerpt":"Sophisticated attackers find bugs in software, evaluate their exploitability, and then create and launch exploits for bugs found to be exploitable. Most efforts to secure software attempt either to eliminate bugs or to add mitigations that make exploitation more difficult. In this paper, we introduce a new defensive technique called chaff bugs, which instead target the bug discovery and exploit creation stages of this process. Rather than eliminating bugs, we instead add large numbers of bugs that are provably (but not obviously) non-exploitable. Attackers who attempt to find and exploit bugs "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1808.00659","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1808.00659","created_at":"2026-05-18T00:09:04.592403+00:00"},{"alias_kind":"arxiv_version","alias_value":"1808.00659v1","created_at":"2026-05-18T00:09:04.592403+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1808.00659","created_at":"2026-05-18T00:09:04.592403+00:00"},{"alias_kind":"pith_short_12","alias_value":"32ENBIEIPI57","created_at":"2026-05-18T12:32:02.567920+00:00"},{"alias_kind":"pith_short_16","alias_value":"32ENBIEIPI57RSYS","created_at":"2026-05-18T12:32:02.567920+00:00"},{"alias_kind":"pith_short_8","alias_value":"32ENBIEI","created_at":"2026-05-18T12:32:02.567920+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/32ENBIEIPI57RSYSKI6UUZ64NL","json":"https://pith.science/pith/32ENBIEIPI57RSYSKI6UUZ64NL.json","graph_json":"https://pith.science/api/pith-number/32ENBIEIPI57RSYSKI6UUZ64NL/graph.json","events_json":"https://pith.science/api/pith-number/32ENBIEIPI57RSYSKI6UUZ64NL/events.json","paper":"https://pith.science/paper/32ENBIEI"},"agent_actions":{"view_html":"https://pith.science/pith/32ENBIEIPI57RSYSKI6UUZ64NL","download_json":"https://pith.science/pith/32ENBIEIPI57RSYSKI6UUZ64NL.json","view_paper":"https://pith.science/paper/32ENBIEI","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1808.00659&json=true","fetch_graph":"https://pith.science/api/pith-number/32ENBIEIPI57RSYSKI6UUZ64NL/graph.json","fetch_events":"https://pith.science/api/pith-number/32ENBIEIPI57RSYSKI6UUZ64NL/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/32ENBIEIPI57RSYSKI6UUZ64NL/action/timestamp_anchor","attest_storage":"https://pith.science/pith/32ENBIEIPI57RSYSKI6UUZ64NL/action/storage_attestation","attest_author":"https://pith.science/pith/32ENBIEIPI57RSYSKI6UUZ64NL/action/author_attestation","sign_citation":"https://pith.science/pith/32ENBIEIPI57RSYSKI6UUZ64NL/action/citation_signature","submit_replication":"https://pith.science/pith/32ENBIEIPI57RSYSKI6UUZ64NL/action/replication_record"}},"created_at":"2026-05-18T00:09:04.592403+00:00","updated_at":"2026-05-18T00:09:04.592403+00:00"}